Babuk ransomware operators announce shutdown

In a forum post titled “Hello World 2,” the operators said they intend to close up shop. Often when ransomware groups cease operations, they release their encryption keys. However, the Babuk operators plan to make the source code for the Babuk file-encrypting malware publicly available after they close down. The message was modified and subsequently taken down on the forum. One version indicated the group’s recent attack on the Metropolitan Police Department was its final goal, indicating their shutdown was forthcoming. Babuk only began operating at the beginning of 2021, but quickly targeted enterprise organizations with sophisticated methods, using ransomware customized for each victim with a hardcoded extension, ransom note, and Tor URL for contact.

(Bleeping Computer)

Now we need to worry about deepfake satellite images

Concerns about deepfakes, or AI-generated images, usually center on their use to swap faces and impersonate other people. But geographers at the University of Washington recently published a paper documenting the ways that deepfakes could be used on geographical satellite images. The paper warns that these are much easier to pass off as credible, both because of the lower-resolution images and because the public generally assumes these images are already credible. An analyst at the National Geospatial-Intelligence Agency also imagined the military implications of faked satellite imagery in a 2019 paper, with fake maps used to mislead troops. The University of Washington paper hopes to spread awareness of the possibility of deepfake maps, and the relative ease of generating them.

(The Verge)

QNAP hit with AgeLocker ransomware

QNAP confirmed this attack is targeting its popular prosumer network-attached-storage devices, and urged customers to update their NAS operating system and apps to avoid being impacted by the malicious actors. The company also advised that NAS devices be taken offline or only used over trusted VPNs. It’s unclear what vulnerability AgeLocker is targeting, or how long it’s been present on QNAP systems. The company also issued a similar warning about devices being targeted by Qlocker ransomware operators.

(The Record)

Task force urges US government to step up ransomware response

This call comes from a new report from the Institute for Security and Technology, a group of over 60 experts across industry, government, nonprofits, and academia that formed in January. The report lays out 48 recommendations for policymakers across areas like international cooperation, coordinating with the public and private sector, creation of an interagency task force by the government, response and recovery support for victims, and stronger oversight of the cryptocurrency industry. The group is optimistic about recent steps taken to coordinate ransomware response, but warned that legislative action will be needed to fully address the issues.


Thanks to our episode sponsor, Aptible

Compliance teams have a ton of work to do, such as completing access reviews, mitigating risks, and collecting evidence towards an audit. Aptible Comply can help automate all of those things. The last thing the compliance team should be spending time on is sharing infosec documentation. That’s why we also created Rooms. Now your security docs are instantly available to your customers; no back-and-forth to sign NDAs, watermark docs, or provide new docs. Focus on compliance and help the sales team close deals with Rooms. Go to to create your free Room now.

Facebook accidentally hides hashtag critical of Indian government

Facebook initially said it blocked some posts using the hashtag “ResignModi” in India, referring to the country’s prime minister Narendra Modi, for violating community standards. A spokesperson later clarified the hashtag had been temporarily blocked in India by mistake, but reiterated it was not in response to an order from the Indian government. This comes after several social platforms, including Facebook, complied with Indian law and removed content critical of the Indian government’s COVID-19 response. Facebook says it’s investigating why the hashtag was blocked.


EU approves terrorist content takedown law

The European Parliament formally adopted a law requiring internet companies to “remove or disable access to flagged terrorist content” within 1 hour of being notified by an EU national government. The law does not require preemptive monitoring and filtering of content by internet companies, and includes an exception for terrorist content deemed part of any educational, artistic, journalistic, or academic material. The law will come into effect 12 months after it is published in the EU’s official journal; from there, each member state will have to adapt the law.

(The Verge)

Appeals court rules 3D printed gun designs don’t need export approval 

The 9th U.S. Circuit Court of Appeals in San Francisco ruled to reinstate a federal order that removed plans for 3D-printed self-assembled firearms from the State Department’s Munitions List. Weapons on the list need State Department approval for export, and being removed from the list means plans and parts can legally be posted and sold online. California, 21 other states and the District of Columbia had received an injunction against the order, but the appeals court board ruled 2-1 that a 1989 federal law prohibits courts from overruling the State Department’s decision to add or remove a weapon from the Munitions List.


Wyoming accidentally posts thousands of COVID test results 

The Wyoming Department of Health issued a public health advisory confirming it posted the results on its public-facing storage buckets on GitHub as early as November 5th, 2020. The Department learned of the exposed records on March 10th. A total of 164,021 records were exposed, including records for patients across the US. The data included not just COVID test results but breathalyzer test results, names or patient IDs, addresses, dates of birth, and the dates when patients were tested. A Department spokesperson said the state doesn’t know if anyone abused the records.

(Threat Post)